nanog mailing list archives

Re: scaling linux-based router hardware recommendations

From: Ray Soucy <rps () maine edu>
Date: Thu, 29 Jan 2015 16:56:27 -0500

"For us, open source isn't just a business model; it's smart
engineering practice." -- Bruce Schneier

I hope I'm not the only one, but I think the NSA (and other state
actors) intentionally introducing systemic weaknesses or backdoors
into critical infrastructure is pretty ... reckless.  I really can't
figure out if it's arrogance or just plain naivety on their part, but
they seem pretty confident that the information won't ever fall into
the wrong hands and keep pushing forward.

So for me, this is an area I've very interested in seeing some progress.

I think most people don't realize that if you only care about 1G
performance levels, commodity hardware can be more than fine.  Linux
netfilter makes a really great firewall, and it's the most
peer-reviewed in the world.




On Wed, Jan 28, 2015 at 6:18 PM, Adrian Chadd <adrian () creative net au> wrote:

[snip]

To inject science into the discussion:

http://bsdrp.net/documentation/examples/forwarding_performance_lab_of_an_ibm_system_x3550_m3_with_10-gigabit_intel_x540-at2

And he maintains a test setup to check for performance regressions:

http://bsdrp.net/documentation/examples/freebsd_performance_regression_lab

Now, this is using the in-kernel stack, not netmap/pfring/etc that
uses all the batching-y, stack-shallow-y implementations that the
kernel currently doesn't have. But, there are people out there doing
science on it and trying very hard to kick things along. The nice
thing about what has come out of the DPDK related stuff is, well, the
bar is set very high now. Now it's up to the open source groups to
stop messing around and do something about it.


If you're interested in more of this stuff, go poke Jim at pfsense/netgate.


-adrian
(This and RSS work is plainly in my "stuff I do for fun" category, btw.)




-- 
Ray Patrick Soucy
Network Engineer
University of Maine System

T: 207-561-3526
F: 207-561-3531

MaineREN, Maine's Research and Education Network
www.maineren.net

Current thread:

Re: scaling linux-based router hardware recommendations, (continued)
- - - Re: scaling linux-based router hardware recommendations Robert Bays (Jan 28)
    - Re: scaling linux-based router hardware recommendations Charles N Wyble (Jan 28)
    - Re: scaling linux-based router hardware recommendations Colin Johnston (Jan 28)
    - Re: scaling linux-based router hardware recommendations Mark Tinka (Jan 28)
    - Re: scaling linux-based router hardware recommendations Nick Hilliard (Jan 28)
    - Re: scaling linux-based router hardware recommendations Baldur Norddahl (Jan 28)
- Re: scaling linux-based router hardware recommendations Eddie Tardist (Jan 27)
  - Re: scaling linux-based router hardware recommendations Eduardo Meyer (Jan 28)
- Re: scaling linux-based router hardware recommendations Philip (Jan 28)
  - Re: scaling linux-based router hardware recommendations Adrian Chadd (Jan 28)
    - Re: scaling linux-based router hardware recommendations Ray Soucy (Jan 29)